Apple releases iOS 11.0.1 software update for iPhone and iPad
> https://9to5mac.com/.../26/ios-11-0-1/
Sep 26, 2017 - "Apple has released the first software update to iOS 11 with iOS 11.0.1 for iPhone and iPad. The build comes in at 15A402 (or 15A403), up from 15A372 for iOS 11.0. As a bug fix and performance improvements update, we don’t expect any feature changes in this release. These updates typically make everything run smoother and potentially help with battery life* and any lingering bugs..."
* https://9to5mac.com/...-life-problems/

>> http://osxdaily.com/...ad-iphone-ipad/
Sep 26, 2017 - "... It’s unclear if the iOS 11.0.1 software update will address any reported iOS 11 battery life problems, problems with Outlook and Microsoft email, or other issues encountered with the recent iOS 11 release, but the update is recommended to install for everyone on iOS 11, whether or not they are experiencing software issues since updating their iPhone or iPad..."

> https://support.appl.../en-us/HT208136
Sep 26, 2017 - "You might not be able to send email with an Outlook.com, Office 365, or Exchange account until you update to iOS 11.0.1. If your email account is hosted by Microsoft on Outlook.com or Office 365, or an Exchange Server 2016 running on Windows Server 2016, you might see this error message when you try to send an email with iOS 11: "Cannot Send Mail. The message was rejected by the server." To fix the issue, update to iOS 11.0.1 or later."

> https://ios.gadgetha...ios-11-0177756/
Sep 20, 2017 - "... Check Battery Usage: The first step in treating your battery problem is to see where the problem may be stemming, so head to Settings –> Battery. You should be able to see what apps have been draining your iPhone's battery life over the last 24 hours, as well as another period of time (usually seven days). If you tap on any of the apps in the list, or if you tap the clock icon in the top-right corner next to the time tabs, you will see how much time each app has been used on the screen, as well has how much time the app has spent working in the background..."
___

> https://support.appl.../en-us/HT208067
Oct 3, 2017 - "... iOS 11.0.2 includes bug fixes and improvements for your iPhone or iPad. This update:
- Fixes an issue where crackling sounds may occur during calls for a small number of iPhone 8 and 8 Plus devices
- Addresses an issue that could cause some photos to become hidden
- Fixes an issue where attachments in S/MIME encrypted emails would not open..."(More detail at the URL above.)
___

>> https://9to5mac.com/...and-ipod-touch/
Oct. 3 2017 - "Apple has just released iOS 11.0.2 for iPhone, iPad and iPod touch devices. This marks the second bug-fix-update since iOS 11 launched in September. The build number is 15A421.
It looks to be another round of bug fixes and performance improvements, including a fix for crackly audio during phone calls on iPhone 8, a bug that caused some photos not to show up in user’s libraries and resolves an issue relating to attachments in encrypted email...
Apple says the iOS 11.0.2 brings various ‘bug fixes and improvements for iPhone and iPad’.
The minor update is available now for all iOS 11 devices (including the sixth-generation iPod touch).
To update, open Settings on your iOS device and navigate to General -> Software Update. You will need at least 50% battery to perform the update, or be connected to a power outlet.
We’ll keep an eye out for any other changes and enhancements in this latest version of iOS 11. No word yet on battery drain or adverse effects on performance, but we’ll report back if something does arise..."
___

Security Update 2017-001 - macOS High Sierra 10.13.1
- https://support.appl.../en-us/HT208315
Nov 29, 2017 - "Available for: macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.
CVE-2017-13872: When you install Security Update 2017-001* on your Mac, the build number of macOS will be 17B1002. Learn how to find the macOS version and build number on your Mac**.
* https://support.apple.com/kb/HT201541
** https://support.appl.../en-us/HT201260
If you require the root user account on your Mac, you will need to re-enable the root user and change the root user's password after this update***.
*** https://support.appl.../en-us/HT204012
If you experience issues with authenticating or connecting to file shares on your Mac after you install this update, you can repair file sharing[4].
4] https://support.apple.com/kb/HT208317
___

iOS 11.2 released
- https://www.theverge...eatures-release
Dec 2, 2017 - "Apple is taking the highly unusual step of releasing a significant iOS update today, just hours after an iOS 11 bug started crashing iPhones. A bug in iOS 11.1.2 started causing iPhones to crash if third-party apps use recurring notifications for things like reminders. Apple is releasing iOS 11.2 today, which addresses the issue and includes a number of new features. Apple usually releases iOS updates on a Tuesday, so this appears to have been issued early to fix the crash bug..."

iCloud for Windows 7.2
- https://support.appl.../en-us/HT208328
Dec 13, 2017
APNs Server: Available for: Windows 7 and later
Impact: An attacker in a privileged network position can track a user
Description: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol.
CVE-2017-13864: FURIOUSMAC Team of United States Naval Academy
WebKit: Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2017-7156: an anonymous researcher
CVE-2017-7157: an anonymous researcher
CVE-2017-13856: Jeonghoon Shin
CVE-2017-13870: an anonymous researcher
CVE-2017-13866: an anonymous researcher
___

AirPort Base Station Firmware Update 7.6.9
- https://support.appl.../en-us/HT208258
Dec 12, 2017
AirPort Base Station Firmware: Available for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
AirPort Base Station Firmware: Available for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
___

AirPort Base Station Firmware Update 7.7.9
- https://support.appl.../en-us/HT208354
Dec 12, 2017
AirPort Base Station Firmware: Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-9417: Nitay Artenstein of Exodus Intelligence
AirPort Base Station Firmware: Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
AirPort Base Station Firmware: Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
___

Apple - About speculative execution vulnerabilities in ARM-based and Intel CPUs
- https://support.appl.../en-us/HT208394
Jan 4, 2018 - "Background: The Meltdown and Spectre issues take advantage of a modern CPU performance feature called speculative execution. Speculative execution improves speed by operating on multiple instructions at once—possibly in a different order than when they entered the CPU. To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed. If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software. The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory—including that of the kernel—from a less-privileged user process such as a malicious app running on a device.
> Meltdown: Meltdown is a name given to an exploitation technique known as CVE-2017-5754 or "rogue data cache load." The Meltdown technique can enable a user process to read kernel memory. Our analysis suggests that it has the most potential to be exploited.
Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2. watchOS did not require mitigation. Our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6.
> Spectre: Spectre is a name covering two different exploitation techniques known as CVE-2017-5753 or "bounds check bypass," and CVE-2017-5715 or "branch target injection." These techniques potentially make items in kernel memory available to user processes by taking advantage of a delay in the time it may take the CPU to check the validity of a memory access call.
Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser. Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques. Our current testing indicates that the upcoming Safari mitigations will have no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5% on the JetStream benchmark. We continue to develop and test further mitigations within the operating system for the Spectre techniques, and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS."
___